Console Access

All initial configuration tasks must be completed via the console interface on the front of the switch. The Ruckus ICX7150-C12P has two console interfaces. The first you will notice is the standard RJ-45 interface and the second is the more modern USB-C interface placed in the top left corner of the front of the switch. You can use either of these interfaces with a terminal emulator program of your choice.

RJ-45 Console access

The switch ships with an RJ-45 to DB-9 Serial console cable in the box, I imagine because it is more compatible with all the other switches out there! To use this you will need a USB to RS-232 DB9 Male serial cable with the relevant drivers to make it work.

USB-C Console Access

To use the USB-C port you simply need a USB data cable with a USB-C connection on one end and a compatible connection for your laptop on the other. If your laptop uses the regular USB ports, you will need a USB Type-A to USB-C data cable. On newer laptops like the MacBook Pros that come only with USB-C ports, you will need a USB-C to USB-C data cable. Some notes here:

Most common operating systems (Windows, macOS etc) already have the necessary FTDI drivers for this USB connection, so you shouldn’t need to do anything additional to get this to work.

If the connection doesn’t work at first, check that you are in fact using a data cable and not a charging cable. I have made this mistake before and wasted quite some time fidgeting with drivers etc before realizing my cable was a charging cable and not a data cable, and therefore unable to actually move any serial data.

If you are aware that you don’t have the FTDI drivers, or the connection doesn’t load even after you’ve double checked the cable type, you can get them from the support site or here. You should download the VCP drivers.

Serial Port Settings

The serial port settings are detailed in the table below:

Parameter

Value

Baud Rate

9600

Data Bits

8

Parity

None

Stop Bits

1

Flow Control

None

Configuration Tasks

Setting the Switch Hostname

First thing to do now is set the switch hostname, so we can always know which switch it is we are looking at.

Setting the Diffie-Hellman Key Exchange Algorithm Group

The default key exchange algorithm used by the Ruckus ICX Switches is Diffie-Hellman Group-1, SHA-1 with a modulus of 768 bits. If you are using macOS Sierra 10.12 or later, or are using OpenSSH 7, you may find that when you try to connect to the switch you get an error that states: “Unable to negotiate with xxx.xxx.xxx.xxx port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1”

To fix this problem you have a few options: The first (and worst) option is to alter your system settings (another link here) to re-enable the weak Diffie-Hellman groups. This may be the only workable option for compatibility whilst moving your network entities to a more secure key exchange algorithm. The other, less terrible option is to allow weak Diffie-Hellman key exchange algorithms on an as needed basis when opening the connections.

The best option for your new Ruckus ICX switching environment however, is to enforce Diffie-Hellman Group 14 key exchange, which uses a 2048 bit modulus and won’t require you to weaken your system’s security.

RobLab_7150_C12P_1(config)#ip ssh key-exchange-method dh-group14-sha1Warning: This operation would close all existing SSH connection.RobLab_7150_C12P_1(config)#

Setting a Username and Password

We need to configure a username and password on the switch. For now we are going to focus on using the local AAA feature on the switch. Ruckus ICX Switches allow you to specify the privilege level of a new user as follows:

Congratulations, you are all setup and can now access your switch securely via SSH using a locally stored username and password. You should still easily be able get into the switch via direct console connection, just in case things go bad!